Pwn2Own - Security Experts create Windows 7 browser exploits that bypass DEP

These testers are top notch in their knowledge of the Windows 7 architecture and it's memory management.  They used fuzzers, which are automated testing tools, to find vulnerable code that might be subject to crashing Windows security layers.

Hacker busts IE8 on Windows 7 in 2 minutes
http://www.computerworld.com/s/article/9174101/Hacker_busts_IE8_on_Windows_7_in_2_minutes
http://blogs.zdnet.com/security/?p=5855

QUOTE: Jumping through a series of anti-exploit roadblocks, Dutch hacker Peter Vreugdenhil pulled off an impressive CanSecWest Pwn2Own victory here, hacking into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities. Vreugdenhil, an independent researcher who specializes in finding and exploiting client-side vulnerabilities, used several tricks to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two significant security protections built into the Windows platform.

Nils also sidestepped DEP and ASLR in Windows 7 when he exploited the newest version of Firefox later in the day. Like Vreugdenhil, Nils also was awarded the notebook and $10,000. This was Nils' second Pwn2Own victory; last year he grabbed $15,000 by exploiting not only Firefox, but also Safari and IE8. "As usual, Nils' exploit was very thorough," said TippingPoint's Portnoy, who is the organizer of the Pwn2Own contest.